System and method for adaptive multifactor authentication
Abstract
In one embodiment, a method includes receiving a request for wireless connection from a supplicant device via a service path. The service path includes a peer-to-peer communication path. The method further includes, based on an indication received from the supplicant device, adapting an authentication method to the supplicant device. The adapting includes selecting at least one authentication factor from a plurality of supported authentication factors. Each of the plurality of supported authentication factors comprises an authentication path that is distinct from the service path. In addition, the method includes authenticating the supplicant device via each of the at least one authentication factor.
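The AP-side flow summarized above, sketched as an added example that is not code from the patent or its assignee. It uses the proximity-communication and interactive-presence-validation (IPV) factors that the claims name. The `AccessPoint` class, the `has_token` and `operator_confirmed` fields, the `always_require_ipv` policy flag, and single-use tokens are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

PROXIMITY, IPV = "proximity", "ipv"      # factor names taken from the claims
SUPPORTED = (PROXIMITY, IPV)

@dataclass
class AccessPoint:                        # hypothetical model of the AP device
    tokens: dict = field(default_factory=dict)   # token_id -> shared secret
    always_require_ipv: bool = False             # assumed local policy flag

    def issue_token(self):
        """Simulates the NFC tap: the AP hands out a token holding a shared secret."""
        token_id, secret = secrets.token_hex(4), secrets.token_bytes(16)
        self.tokens[token_id] = secret
        return token_id, secret

    def select_factors(self, indication):
        """Adapt the method to the supplicant. The indication is untrusted input:
        it only steers selection; the factor checks below decide the outcome."""
        factors = [PROXIMITY] if indication.get("has_token") else []
        if not factors or self.always_require_ipv:
            factors.append(IPV)           # fallback, or second factor by policy
        return [f for f in factors if f in SUPPORTED]

    def check_proximity(self, proof):
        # pop() consumes the token on any attempt, so a captured secret cannot
        # be replayed (assumption: tokens are single-use).
        expected = self.tokens.pop(proof.get("token_id", ""), None)
        presented = proof.get("secret", b"")
        return expected is not None and hmac.compare_digest(expected, presented)

    def check_ipv(self, proof):
        # Assumption: IPV is modeled as an explicit confirmation at the AP.
        return proof.get("operator_confirmed") is True

    def authenticate(self, indication, proofs):
        """Proofs arrive over the authentication paths, not the service path.
        Every selected factor must succeed; an empty selection is a denial."""
        factors = self.select_factors(indication)
        checks = {PROXIMITY: self.check_proximity, IPV: self.check_ipv}
        ok = bool(factors) and all(checks[f](proofs.get(f, {})) for f in factors)
        return ok, factors

if __name__ == "__main__":
    ap = AccessPoint()
    tid, secret = ap.issue_token()
    proof = {PROXIMITY: {"token_id": tid, "secret": secret}}
    print(ap.authenticate({"has_token": True}, proof))   # first use succeeds
    print(ap.authenticate({"has_token": True}, proof))   # replay is rejected
```
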
Claims
What is claimed is:
1. A method comprising:
on an access-point (AP) device, receiving a request for wireless connection from a supplicant device via a service path, the service path comprising a peer-to-peer communication path;
based on an indication received from the supplicant device, adapting, by the AP device, an authentication method to the supplicant device;
wherein the adapting comprises selecting at least one authentication factor from a plurality of supported authentication factors;
wherein each of the plurality of supported authentication factors comprises an authentication path that is distinct from the service path; and
on the AP device, authenticating the supplicant device via each of the at least one authentication factor.
2. The method of claim 1, comprising, responsive to the authenticating resulting in success, granting the supplicant device access to a service over the service path.
3. The method of claim 2, comprising performing additional user authentication prior to performing the service.
4. The method of claim 1, comprising:
wherein the at least one authentication factor comprises a proximity-communication factor;
wherein the indication comprises an indication that the supplicant device has an access token, the access token comprising a shared secret;
wherein the selecting comprises selecting the proximity-communication factor; and
wherein the authenticating comprises authenticating the supplicant device via the proximity-communication factor.
5. The method of claim 4, wherein authenticating the supplicant device via the proximity-communication factor comprises:
establishing a connection with the supplicant device;
receiving the shared secret; and
validating the shared secret.
6. The method of claim 5, wherein the supplicant device has obtained the access token from the AP device via near-field communication (NFC).
7. The method of claim 1, comprising:
wherein the at least one authentication factor comprises an interactive-presence-validation (IPV) factor; and
wherein the authenticating comprises performing IPV.
8. The method of claim 1, wherein the service path comprises a network path between a Wi-Fi direct interface of the AP device and a Wi-Fi interface of the supplicant device.
9. The method of claim 1, wherein the at least one authentication factor comprises a plurality of authentication factors.
10. The method of claim 1, wherein the at least one authentication factor comprises an interactive-presence-validation (IPV) factor and a proximity-communication factor.
11. An information handling system comprising:
a network interface operable to enable peer-to-peer connections thereto via a service path;
a processing unit communicably coupled to the network interface, wherein the processing unit is operable to:
receive a request for wireless connection from a supplicant device via the service path;
based on an indication received from the supplicant device, adapt an authentication method to the supplicant device;
wherein the adaption comprises selection of at least one authentication factor from a plurality of supported authentication factors;
wherein each of the plurality of supported authentication factors comprises an authentication path that is distinct from the service path; and
authenticate the supplicant device via each of the at least one authentication factor.
12. The information handling system of claim 11, wherein the processing unit is operable, responsive to the authenticating resulting in success, to grant the supplicant device access to a service over the service path.
13. The information handling system of claim 12, wherein the processing unit is operable to perform additional user authentication prior to performing the service.
14. The information handling system of claim 11, comprising:
wherein the at least one authentication factor comprises a proximity-communication factor;
wherein the indication comprises an indication that the supplicant device has an access token, the access token comprising a shared secret;
wherein the selection comprises selection of the proximity-communication factor; and
wherein the authentication comprises authentication of the supplicant device via the proximity-communication factor.
15. The information handling system of claim 14, wherein authentication of the supplicant device via the proximity-communication factor comprises:
establishment of a connection with the supplicant device;
receipt of the shared secret; and
validation of the shared secret.
16. The information handling system of claim 15, comprising:
a near-field communication (NFC) network interface; and
wherein the information handling system has transmitted the access token to the AP device via the NFC network interface.
17. The information handling system of claim 11, comprising:
wherein the at least one authentication factor comprises an interactive-presence-validation (IPV) factor; and
wherein the authentication comprises performance of IPV.
18. The information handling system of claim 11, wherein the service path comprises a network path between a Wi-Fi direct interface of the AP device and a Wi-Fi interface of the supplicant device.
19. The information handling system of claim 11, wherein the at least one authentication factor comprises a plurality of authentication factors.
20. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
receiving a request for wireless connection from a supplicant device via a service path, the service path comprising a peer-to-peer communication path;
based on an indication received from the supplicant device, adapting an authentication method to the supplicant device;
wherein the adapting comprises selecting at least one authentication factor from a plurality of supported authentication factors;
wherein each of the plurality of supported authentication factors comprises an authentication path that is distinct from the service path; and
authenticating the supplicant device via each of the at least one authentication factor.